14 Replies Latest reply: Mar 21, 2013 7:41 PM by Don Roedl
Bacartini Level 1 Level 1 (0 points)

I set up my school lab with an xserv 10.6.8. Everything was fine in terms of the users logging in to their respective groups. However, they weren't able to save anything to the server , they had access denied errors or you don't have permissions, even the keychain app was giving the users an error that said it couldn't save  to reset to default values. Anyhow, I tried using the Server Admin application to propagate permissions, selected the hard drives and propagated permissions by clicking all the selections in the dialog. Now, the server wont start and only shows the grey Apple and the spinning gear, please help, I am so frustrated, I was so close to have this server running. All I want is to be able to have the students in my school log in to the server from the computer lab and save their work on the server. Simple service, I have running AFP, OD, DNS and SMB. I don't knowe if SMB is neccesary either.


Xserve, Mac OS X (10.6.8), Using Open Directory and a secondHD
  • 1. Re: Clients can't save to the server, access denied no permissions, how to give permission?
    Don Roedl Level 2 Level 2 (210 points)

    That sounds frustrating alright. So you have 2 issues, the unit won't start, and permissions. If you selected the drives and copied down permissions then you likely hosed some important system file permissions. You may have to start over on your installation, or restore from a good backup.

     

    You could try this:  Use the system install DVD, or any Snow Leopard commercial DVD to start the unit and then repair permissions from Disk Utility. This can also be done in Single User More but that can be a bit more complicated.

     

    So how did you create the home directories for your users?

  • 2. Re: Clients can't save to the server, access denied no permissions, how to give permission?
    Don Roedl Level 2 Level 2 (210 points)

    I just read your original post. There should never be any reason that I know of to propogate hard disk permissions on server hard drives. If repairing permissions on the boot drive did not work, then I would be reinstalling the server from scratch.

     

    Still curious about how you created users homes. Did each user have an individual account by thier user name?

  • 3. Re: Clients can't save to the server, access denied no permissions, how to give permission?
    Bacartini Level 1 Level 1 (0 points)

    First I added the machines, (iMacs) using workgroup manager, I created a guest computer  then created sharepoints for the users and groups I created. Just to sharepoints, the users and groups folders on the second hard drive. Then creating the users using WGM and adding them to the sharepoint I created earlier. I did the same with the groups, I created a group and used the sharepoint as the folder to used on the server. I think I shouldn't used the HD's as sharepoints. The problem with permissions began when I tried to save work to the server. First safari gave me an error with the keychain and then I tried saving an image from the web and couldn't because of permmissions issues, or basically access denied. I propagated permissions to the wrong items and/or folders to fix the access denied issue. I don't know how to solve the issue with the permissions or the access denied to the users and thought that by propagating permissions to all the items in server admin under ACL and POSIX. That's how I messed everything up!

  • 4. Re: Clients can't save to the server, access denied no permissions, how to give permission?
    Don Roedl Level 2 Level 2 (210 points)

    Ok. I am trying to understand the method you used to create home dirs. This may seem elementary but it would help to be clear on this....

     

    Did you create the home for each user using the WGM 'home' tab, and then click "Create Home Now" and then 'Save'?

     

    Did you write homes using terminal with command sudo createhomedir -a ?

     

    Did you create the user sharepoints inside of a folder on the primary volume or a secondary volume?

     

    Doing these things correctly is Key to getting access and permissions right for users.

  • 5. Re: Clients can't save to the server, access denied no permissions, how to give permission?
    Bacartini Level 1 Level 1 (0 points)

    Yes, I created the users using WGM home tab and then clicking on the create home now and then save. No, I didn't use terminal with the command, maybe that's one of the things I needed to do so that the problems with permissions wouldn't show. I used the secondary HD to create the sharepoint folder "Users" and that's the folder I used when creating the home directory for that specific part of the setup. My setup is pretty simple, I just want a Groups folder(sharepoint) where I can store the diffrent grades or classes that come to my lab and I have a "Users" folder(sharepoint) where the kids can use to login and save their work. Later, I may add another folder to place videos so that the folder can mount when they log in and all they have to do is go to the folder and double click on the video. Can you ellaborate more on how to use the command with terminal? Would the "a" be the name of the sharepoint? I created the folders using Server Admin, I believe that clicking on the sharepoint button, there is another button that says "new", would that be the correct way to do it? When I get back to school tomorrw I will post more specifics on the way that I setup the server and maybe it will give you a better picture of how I did it.

    I really appreciate your assistance, I am trying to use the limited knowledge I have to setup this lab which will enable me to do a lot of things with the kids and make their lives easier, so they don't have to bring flash drives to save their work. Thanks again for your time!

  • 6. Re: Clients can't save to the server, access denied no permissions, how to give permission?
    Don Roedl Level 2 Level 2 (210 points)

    Thank you. I just couldn't tell from your first writing exactly what process you used. I don't think it matters if you use WGM or terminal to create the users. Terminal is just faster for creating batch homes. So I am wondering if the name you used for your homes on the secondary volume, 'Users', is conficting in some way with the native home on the main volume. Could you do a quick experiment and create a home on the secondary volume with another name, say 'students'. Make sure that that home has the same permissions as the native 'Users' folder on the boot volume before you share it. Create 1 user and make his home there, for testing. Also, create 1 other unique user in the Users folder on the main volume. Leave the group volumes out of it for now. See if you can log in successfully with either user.

  • 7. Re: Clients can't save to the server, access denied no permissions, how to give permission?
    Bacartini Level 1 Level 1 (0 points)

    I reinstalled the server software and started from scratch. I created two sharepoints on the second hard drive, one called "grades 2013" to put all the grasdes and "students 2013" to place all the users. When I create a group I point it towards the "grades 2013" workgroup folder I created. Then, when I create a user I do the same, I connect it to the students 2013 folder I created for the students. The user shows up on the log in window but when I try to connect it says an error occurred and can't connect. Is this the right procedure where the user has to be in the user's folder and the groups in the gfroups folder?

  • 8. Re: Clients can't save to the server, access denied no permissions, how to give permission?
    Don Roedl Level 2 Level 2 (210 points)

    I guess I'd like to break this down to its lowest common denominator first. I'd like to see a user log in and have complete read/write access to the home folder on the boot volume and the secondary volume. I understand this is part of the problem, correct? So if you could leave the group out of the experiment and just try the basic user and login as described in my previous post, I'd like to hear about those results. Please correct me if I misunderstood.

  • 9. Re: Clients can't save to the server, access denied no permissions, how to give permission?
    Bacartini Level 1 Level 1 (0 points)

    Under Server Admin when you click on the sharepoints and look at the permissions tab, which users and/or groups must have permissions for each sharepoint. In my setup I have "classes 2013" sharepoint to connect all my groups and "students 2013" to connect the users. What goes on the ACL and POSIX sections of server admin?

  • 10. Re: Clients can't save to the server, access denied no permissions, how to give permission?
    Don Roedl Level 2 Level 2 (210 points)

    Help me find my compass here. In your original post you stated that users could not save anything. I assume this meant to their home folders as well.

     

    Can users now log in and save data to their home folders, documents, desktop, etc?

     

    Is it just the groups part of the equation that is an issue now?

  • 11. Re: Clients can't save to the server, access denied no permissions, how to give permission?
    Bacartini Level 1 Level 1 (0 points)

    When I first setup the server, the users were able to log in to their groups but weren't able to save their work with some sort of access denied or having no permissions. After reinstalling a fresh OS now I can't log in at all saying there was an error but with no code. If I create another group sharepoint, should I unshare the group folder the OS created by default? Would have to be done to the default users folder too?

  • 12. Re: Clients can't save to the server, access denied no permissions, how to give permission?
    Don Roedl Level 2 Level 2 (210 points)

    I am sorry you are having so many troubles. Apparently, I am not making myself very clear about this.

     

    I think I would be getting the setup to a point where users can log in and successfully demonstrate read/write access to their home folders. So....just one thing at a time. Its difficult to pinpoint the issue trying to look at both of these things at once, since having the one working successfully is dependent upon the other. So I would leave out the group folder for now. It can be added later. Just try it as an experiment.

     

    One tip, verify that your permissions on the top folder of your Home Dir volume match those on the Users volume that is on the main boot volume.

  • 13. Re: Clients can't save to the server, access denied no permissions, how to give permission?
    Bacartini Level 1 Level 1 (0 points)

    I can't thank enough for your help and assistance, I followed your advice and reinstalled it , used the users and groups sharepoint made by default, applied permissions to all the users and groups created and was able to solve the problem. I will try to create othe sharepoints to store movies and pictures the kids can access to do their work.

  • 14. Re: Clients can't save to the server, access denied no permissions, how to give permission?
    Don Roedl Level 2 Level 2 (210 points)

    Very glad to help, and happy it worked out!